Target Corp. Chief
Executive Gregg Steinhafel is calling on retailers and banks to adopt
chip-based credit-card technology to better protect shoppers. This comes after
one of the biggest data breaches in history, and ten years after Target pulled
the plug on a three-year, $40 million program to implement use of chip-based
smart cards with added security features.
Chip-based credit cards—in which
a smart chip in the card works with special readers installed at stores—are
widely used in Europe and Canada, making it more difficult for thieves to
profit from the sort of massive data breach that hit Target over the holidays.
But the technology has yet to be
embraced in the U.S., and as a result, the U.S. has become the preferred target
for criminal hackers.
Prevailing card security in the
U.S. makes data theft easier. But progress on chip cards in the U.S. has been
slowed in part because the financial industry and retailers have been at odds over
card-swipe fees and other issues, and because neither side has wanted to commit
the billions of dollars necessary until the other side agrees as well.
In 2004, Target and Visa teamed
up to use chip-enabled cards across the retailer’s 1,000-plus store locations.
But the program was pulled out of concerns by key executives over slowed
checkout speeds and a lack of marketing benefits associated with the program.
Target's decision 10 years ago to
end the program disappointed chip advocates who had hoped it would demonstrate
the viability of chip-based cards and set the stage for their widespread use in
the U.S. Since then, retailers and banks have been caught in a chicken-and-egg
dilemma with retailers reluctant to invest billions of dollars on the needed
infrastructure unless banks commit to spending the billions of dollars needed
to issue the new cards.
And the breaches keep coming.
Target's breach affected 40 million credit- and debit-card accounts. Luxury
retailer Neiman Marcus disclosed Jan. 10 that it, too, was hit by a
computer-based attack that compromised credit-card data over the holidays.
The technology is expected to get
more traction in the U.S. by October 2015, when credit-card companies plan to
hold merchants financially responsible for any fraud that stems from a
transaction in which a chip-enabled card was presented but couldn't be used.
Currently, the banks that issue the plastic are liable for such fraud.
Of the 5.6 billion credit and
debit cards in circulation in the U.S., only an estimated 15 million to 20
million are chip cards--issued mainly to people who travel overseas frequently.
Magnetic stripes have been used
on plastic since the 1970s. Hackers find it increasingly easy to copy the data
on them because the information in the magnetic stripe doesn't change, and
criminals can easily produce fake cards, because the technology is readily
available.
Chip cards, on the other hand,
take the cardholder information and turn it into a unique code for each
transaction. They also often require additional authentication, such a personal
identification number, or PIN. Payment and security experts say the technology
wouldn't have prevented the attack at Target, but it would have made it more
difficult for thieves to counterfeit the cards and make fraudulent purchases.
Adoption of the cards in Britain
has helped reduce fraud from counterfeit cards by 70% from 2007 to 2012,
according to the U.K. Card Association. By contrast, breaches have more than
doubled since 2007 at U.S. retailers, affecting more than 5,000 records,
according to a survey by the Ponemon Institute, a Traverse City, Mich.,
research firm.
Target's own registers in the
U.S. aren't yet capable of using all the security features of the chip cards.
The company began phasing in the machines in 2012 and plans to have its entire
system fully compatible by the 2015 deadline.
Click
here for the original article from The
Wall Street Journal.